GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
                  
                    
                      
                      All reviewed
                    
                    
                      5,000+
                    
                  
                  
                    
                      
                      Composer
                    
                    
                      4,950
                    
                  
                  
                    
                      
                      Erlang
                    
                    
                      39
                    
                  
                  
                    
                      
                      GitHub Actions
                    
                    
                      38
                    
                  
                  
                    
                      
                      Go
                    
                    
                      2,603
                    
                  
                  
                    
                      
                      Maven
                    
                    
                      5,000+
                    
                  
                  
                    
                      
                      npm
                    
                    
                      4,250
                    
                  
                  
                    
                      
                      NuGet
                    
                    
                      755
                    
                  
                  
                    
                      
                      pip
                    
                    
                      4,013
                    
                  
                  
                    
                      
                      Pub
                    
                    
                      12
                    
                  
                  
                    
                      
                      RubyGems
                    
                    
                      953
                    
                  
                  
                    
                      
                      Rust
                    
                    
                      1,048
                    
                  
                  
                    
                      
                      Swift
                    
                    
                      45
                    
                  
                  Unreviewed advisories
                  
                    
                      
                      All unreviewed
                    
                    
                      5,000+
                    
                  
            1,649 advisories
        Filter by severity
        
      
      
    
                    
                      jwcrypto token substitution can lead to authentication bypass
                    
                      
  Moderate
                    
                
                      
                        CVE-2022-3102
                      
                      was published
                        for
                        
                          jwcrypto
                        
                        (pip)
                      Sep 21, 2022 
                    
                  
                    
                      mofh Vulnerable to Improper Restriction of XML External Entity Reference
                    
                      
  Moderate
                    
                
                      
                        GHSA-7r9x-qrpr-3cxw
                      
                      was published
                        for
                        
                          mofh
                        
                        (pip)
                      Aug 11, 2022 
                    
                  
                    
                      Vulnerable OpenSSL included in cryptography wheels
                    
                      
  Moderate
                    
                
                      
                        GHSA-39hc-v87j-747x
                      
                      was published
                        for
                        
                          cryptography
                        
                        (pip)
                      Nov 2, 2022 
                    
                  
                    
                      Cross-Site Scripting
                    
                      
  Moderate
                    
                
                      
                        GHSA-57h7-r3q3-w57j
                      
                      was published
                        for
                        
                          djangorestframework
                        
                        (pip)
                      Feb 24, 2021 
                        •
                        
                          withdrawn
                    
                  
                    
                      Cross-Site Scripting
                    
                      
  Moderate
                    
                
                      
                        GHSA-94ww-22rx-493x
                      
                      was published
                        for
                        
                          flower
                        
                        (pip)
                      Feb 24, 2021 
                        •
                        
                          withdrawn
                    
                  
                    
                      Moderate severity vulnerability that affects mailman
                    
                      
  Moderate
                    
                
                      
                        CVE-2018-13796
                      
                      was published
                        for
                        
                          mailman
                        
                        (pip)
                      Sep 11, 2018 
                    
                  
                    
                      CSRF tokens leaked in URL by canned query form
                    
                      
  Moderate
                    
                
                      
                        GHSA-q6j3-c4wc-63vw
                      
                      was published
                        for
                        
                          datasette
                        
                        (pip)
                      Aug 11, 2020 
                    
                  
                    
                      Moderate severity vulnerability that affects Zope2
                    
                      
  Moderate
                    
                
                      
                        CVE-2010-1104
                      
                      was published
                        for
                        
                          Zope2
                        
                        (pip)
                      Jul 23, 2018 
                    
                  
                    
                      Moderate severity vulnerability that affects aioxmpp
                    
                      
  Moderate
                    
                
                      
                        GHSA-32f7-cmr3-vpjv
                      
                      was published
                        for
                        
                          aioxmpp
                        
                        (pip)
                      Feb 7, 2019 
                        •
                        
                          withdrawn
                    
                  
                    
                      Directory traversal outside of SENDFILE_ROOT in django-sendfile2
                    
                      
  Moderate
                    
                
                      
                        GHSA-6r3c-8xf3-ggrr
                      
                      was published
                        for
                        
                          django-sendfile2
                        
                        (pip)
                      Jun 24, 2020 
                    
                  
                    
                      Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
                    
                      
  Moderate
                    
                
                      
                        GHSA-7h5v-85w9-pq6c
                      
                      was published
                        for
                        
                          matrix-synapse
                        
                        (pip)
                      May 19, 2021 
                    
                  
                    
                      Uncontrolled Resource Consumption in pillow
                    
                      
  Moderate
                    
                
                      
                        GHSA-jgpv-4h4c-xhw3
                      
                      was published
                        for
                        
                          pillow
                        
                        (pip)
                      Apr 23, 2021 
                    
                  
                    
                      Potential API key leak
                    
                      
  Moderate
                    
                
                      
                        GHSA-63rq-p8fp-524q
                      
                      was published
                        for
                        
                          sopel-modules.weather
                        
                        (pip)
                      Apr 13, 2021 
                    
                  
                    
                      VVE-2021-0001: Memory corruption using function calls within arrays
                    
                      
  Moderate
                    
                
                      
                        GHSA-22wc-c9wj-6q2v
                      
                      was published
                        for
                        
                          vyper
                        
                        (pip)
                      Apr 19, 2021 
                    
                  
                    
                      Improper Verification of Cryptographic Signature in aws-encryption-sdk
                    
                      
  Moderate
                    
                
                      
                        GHSA-x5h4-9gqw-942j
                      
                      was published
                        for
                        
                          aws-encryption-sdk
                        
                        (pip)
                      Jun 1, 2021 
                    
                  
                    
                      Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
                    
                      
  Moderate
                    
                
                      
                        GHSA-89v2-g37m-g3ff
                      
                      was published
                        for
                        
                          aws-encryption-sdk-cli
                        
                        (pip)
                      Jun 1, 2021 
                    
                  
                    
                      Out-of-bounds Write in OpenCV
                    
                      
  Moderate
                    
                
                      
                        CVE-2017-14136
                      
                      was published
                        for
                        
                          opencv-contrib-python
                        
                        (pip)
                      Oct 12, 2021 
                    
                  
                    
                      Improper Input Validation in OpenCV
                    
                      
  Moderate
                    
                
                      
                        CVE-2016-1517
                      
                      was published
                        for
                        
                          opencv-contrib-python
                        
                        (pip)
                      Oct 12, 2021 
                    
                  
                    
                      ReDoS in LDAP schema parser
                    
                      
  Moderate
                    
                
                      
                        GHSA-r8wq-qrxc-hmcm
                      
                      was published
                        for
                        
                          python-ldap
                        
                        (pip)
                      Nov 29, 2021 
                    
                  
                    
                      Invalid URL generation in bitlyshortener
                    
                      
  Moderate
                    
                
                      
                        GHSA-rcrv-228c-gprj
                      
                      was published
                        for
                        
                          bitlyshortener
                        
                        (pip)
                      Jan 21, 2022 
                    
                  
                    
                      Cross-site Scripting and Open Redirect in Products.CMFPlone
                    
                      
  Moderate
                    
                
                      
                        GHSA-8w54-22w9-3g8f
                      
                      was published
                        for
                        
                          Products.CMFPlone
                        
                        (pip)
                      Jan 28, 2022 
                    
                  
                    
                      Cross-site Scripting and Open Redirect in plone.app.contenttypes
                    
                      
  Moderate
                    
                
                      
                        GHSA-f7qw-5fgj-247x
                      
                      was published
                        for
                        
                          plone.app.contenttypes
                        
                        (pip)
                      Feb 1, 2022 
                    
                  
                    
                      Integer Overflow or Wraparound in TensorFlow
                    
                      
  Moderate
                    
                
                      
                        GHSA-wcv5-vrvr-3rx2
                      
                      was published
                        for
                        
                          tensorflow
                        
                        (pip)
                      Feb 9, 2022 
                    
                  
                    
                      SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc
                    
                      
  Moderate
                    
                
                      
                        GHSA-cf4q-4cqr-7g7w
                      
                      was published
                        for
                        
                          xml2rfc
                        
                        (pip)
                      Apr 22, 2022 
                    
                  
        
        ProTip!
        Advisories are also available from the 
        GraphQL API